DE10242673B4 - Procedure for identifying a user - Google Patents

Abstract

Procedure for identifying a user with the following steps:
a) Receipt of a code from a server by a client via a secure connection after the client has established a connection with the server,
b) Encryption of a data object with a secret key, the code and a certificate being linked to the data object, identity data and a public key being stored in the certificate,
c) Sending the encrypted data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client to the server, so that the encrypted code can be decrypted with the public key on the server side and the decrypted code can be decrypted with the unencrypted code for checking the Authenticity of the identity data can be compared.

Description

The invention relates to a method, computer program product and client computer system for identifying a user, as well as a corresponding server computer system.

Various systems for identifying a user are known from the prior art. Such systems generally work based on cryptographic procedures and are used for different applications in e-business.

From the WO 01/24082 A1 a system for making electronic payment is known. Here, a first bank acts as a certification authority for a buyer by issuing a private key for the buyer. The buyer uses the private key to sign payment instructions that are transmitted to the first bank or to a second bank. The payment instructions can be transmitted to the first bank indirectly via the seller and the second bank, i.e. the seller's bank. The particular disadvantage of this system is that there is insufficient security against replay attacks.

The one from the WO 01/20513 A1 known system, a hash value of the transaction data is also formed by the buyer. The hash value is then signed with the buyer's private key and transmitted to the buyer along with the digital certificate. This extension does not offer sufficient protection against replay attacks either.

From the WO 01/22373 A1 a method for performing a transaction between a client and a server over a network is known. To process a transaction between a client and a server, a confidential connection is first established, for example using the SSL protocol. The client computer identifies itself to the server via the SSL protocol. To establish the SSL connection, a private key stored on the user's smart card is used, as well as a serial number of the smart card, which is stored in the user's certificate. The user must also enter their PIN to establish the SSL connection.

After the SSL connection has been established, the user searches for the desired goods on the server's website. He then receives a page from the client computer with the contents of the shopping cart and a request to confirm the purchase. The buyer signs the page to confirm. The confirmation, the digital signature and a random number generated by the smart card are then transmitted to the server computer. The server checks the digital signature and the random number generated by the smart card of the user with a "master key".

The disadvantage here is that the entire process requires a protected SSL connection, both for the initialization and for the confirmation of the transaction. Another disadvantage is that the page delivered by the server to the client with the shopping cart can be manipulated on the client side.

From the DE 196 29 192 A1 a method and system for achieving a secure electronic data exchange over an open network is known.

For this purpose, asymmetrical keys are used by the individual network participants. For the exchange of data, a hash code is calculated, which is inserted at a specified point in a confirmation message. A second hash code and a digital signature of the confirmation message are also generated. On the recipient side, authentication then takes place based on the digitally signed confirmation message. The disadvantage here is that there is no protection against replay attacks.

From the DE 40 03 386 C1 a method for assigning user data to a specific sender is known. A hash value is formed from the user data, which is subjected to a cryptographic algorithm. After the user has authenticated himself using a biometric method, the hash value is processed together with the user's private key using the cryptographic algorithm to form a signature. Although this procedure offers a protection mechanism against replay attacks, it requires the use of biometric procedures.

The pamphlet WO 01/82167 A1 shows and describes a method for secure transactions in the event that a user with a chip card at a stationary terminal wants to be authorized by a remote server. In this process, the stationary terminal first establishes contact with a remote server. Then the remote server sends a random number (challenge) to the terminal. The terminal receives the random number, encrypts it together with identification information from the user and sends back the result, which is also referred to as a response. This message (response) is decrypted in the remote server and the result is compared with the random number sent. If a match is found, it can be concluded that the smart card is authentic because it uses the correct key.

Furthermore, the “Handbook of Applied Cryptography”, Menezes, J. et al., CRC Press, 1997, pages 397 to 405 describes that a terminal generates a further random value when sending encrypted data back, which is unencrypted together with the encrypted random value of a server and further encrypted data is sent to the server.

The invention is therefore based on the object of creating an improved method for identifying a user as well as a corresponding computer program product and a computer system.

The objects on which the invention is based are each achieved with the features of the independent patent claims. Preferred embodiments of the invention are specified in the dependent claims.

The present invention enables a user to be identified reliably and efficiently, in particular for applications in e-business. For example, the identification of a user according to the invention enables the secure ordering of goods, payment or identification with an authority server or the submission of any other declaration of intent by electronic means.

According to a preferred embodiment of the invention, a user selects a business or government process on a web page that requires identification of the user. The server then generates a code, for example a so-called transaction number (TAN).

The code is transmitted from the server to the client via a secure connection. In particular, a Secure Socket Layer (SSL) protocol, such as SSL-2 or SSL-3, can be used here. On the other hand, the code can also be sent to the user in conventional ways, such as by post.

The transfer of the code from the server to the client user via a secure and encrypted connection has the advantage that the code is kept secret. This is an important measure to protect against so-called replay attacks.

On the client side, the code and the identity data are then encrypted with a secret key. The procedure is preferably such that a data object is formed from the code and a certificate. The certificate contains the user's identity data and the user's public key. The data object consisting of the code and the certificate is encrypted with the secret key of the user. The encrypted data object as well as the unencrypted certificate and the unencrypted code are then transmitted from the client to the server. No secure connection is required for this, so that, for example, transmission via an Internet, extranet or the Internet can take place without additional security measures.

On the server side, the public key is then read from the unencrypted transmitted certificate. The encrypted data object is decrypted with the public key. The code of the data object decrypted in this way is compared with the unencrypted transmitted code. If the two codes match, it follows that the identity data in the certificate is authentic, so that the user is identified with it.

The security of this method can be further increased by the fact that the code is only valid for a limited period of time and can only be used for a single transaction.

According to a preferred embodiment of the invention, the data object is encrypted using a chip card. The procedure here is that the certificate is transferred from a memory on the chip card to the client in order to combine it there with the code to form the data object. The data object is then transmitted to the chip card so that the processor of the chip card uses the secret key stored in the chip card to encrypt the data object.

The encrypted data object is then transmitted back from the chip card to the client. From there, the encrypted data object as well as the unencrypted certificate and the unencrypted code are transmitted to the server via an unsecured network connection.

The chip card with the stored certificate and the secret key is preferably secured by a personal identification number (PIN) of the user. Before encryption, the user must enter his PIN via a chip card interface.

According to a preferred embodiment of the invention, the certificate is not also transmitted in plain text. In this case, the user's public key is queried from a publicly accessible database in order to decrypt the data object.

According to a preferred embodiment of the invention, the chip card is a so-called citizen card. The citizen card is issued by an accredited certification authority, in particular a so-called trust center, with the trust center receiving personal-identifying registration data from a residents' registration authority. The citizen card thus functions as an electronic identity card due to the cooperation between the registration authority and the trust center. This has the advantage that it is not necessary to set up a separate infrastructure and everyone can participate in the method according to the invention.

• 1 ein Blockdiagramm einer Ausführungsform eines erfindungsgemäßen Computersystems,
• 2 ein Flussdiagramm einer Ausführungsform eines erfindungsgemäßen Verfahrens,
• 3 ein Object Relationship Diagramm einer Ausführungsform des erfindungsgemäßen Verfahrens.

Preferred embodiments of the invention are further explained with reference to the drawings. Show it:

• 1 a block diagram of an embodiment of a computer system according to the invention,
• 2 a flow chart of an embodiment of a method according to the invention,
• 3 an object relationship diagram of an embodiment of the method according to the invention.

The 1 shows a server computer 100 and a client computer 102 , between those through a network 104 , for example an intranet, extranet or the internet a connection can be established. The server computer 100 has at least one web page106 with a script 108 . Instead of a script, a so-called applet can also be used. In this way, for example, a so-called plug-in for a standard browser program is implemented.

The server computer 100 also includes an identification program module 110 as well as a time base 112 . This can for example be in the form of a timer.

At the client computer 102 it is preferably a conventional personal computer. On the client computer 102 is a browser program 114 installed, for example Microsoft Internet Explorer or Netscape Navigator. The client also has computers 102 a smart card interface 116 .

Via the chip card interface 116 can from the client computer 102 a chip card reader 118 be addressed. In the chip card reader 118 is a chip card 120 insertable. It is preferably the chip card 120 a so-called microprocessor card, i.e. a chip card that is next to a memory 122 also through a processor 124 disposes.

In the memory 122 is a certificate 126 of the authorized holder of the chip card 120 saved. The certificate 126 contains the identification data 128 of the owner, which are preferably identity-describing attributes according to the specification in the "data record for reporting". In particular, the identification data contain the name, address, date of birth and other personal data of the owner.

The certificate also includes 126 a public key 130 of the owner. Preferably the certificate 126 generated by a trust center, which the identification data 128 received from a registration authority. In this case it is the chip card 120 a so-called citizen card, which has the function of an electronic identity card.

The owner of the chip card starts to carry out a transaction 120 the browser program 114 and loads the web page 106 . By loading the web page 106 is also the script 108 transferred, which as a plug-in for the browser program 114 acts.

The web page can be, for example, the municipal web site of a city, an official web page or a commercial web page. The user can from the web page 106 choose a process that requires user identification. This can be, for example, a business process or an official, administrative process.

Once such a process has been selected by the user, the identification program module 110 a so-called identity request from the server computer 100 to the browser program 114 Posted. The identity request is a data object that is to be filled on the client side with the identity data of the user and then handled in terms of security, after which it is to be received by the client 102 to the server 101 sent back and from the server 100 is evaluated.

After receiving the identity request from the server computer 100 starts the browser program 114 a dialog and sends to the server computer 100 a Transaction_Key request. The Transaction_Key request is a request for a code, i.e. a so-called transaction key or a transaction number, which must be unique for the duration of the transaction.

After receipt of the Transaction_Key request by the server computer 100 generates the identification program module 110 a Transaction_Key, that is, the requested code, and sends this back to the browser program 114 . The Transaction_Key is transmitted over a secure, encrypted line channel, for example using the SSL protocol.

• - es enthält die personenidentifizierenden Meldedaten als Attribute,
• - es enthält den öffentlichen Schlüssel des ebenfalls auf der Karte befindlichen Hauptzertifikats,
• - es ist vom Trust Center signiert, dass damit eine haftungsrechtliche Verantwortung übernimmt und enthält die Signatur des Trust Centers.

To fill the data object given by the identity request with identity data, the user uses his chip card 120 into the chip card reader 118 on and switches on the chip card 120 free by entering his PIN. Thereupon the chip card interface 116 of the client computer 102 via the chip card reader 118 on the chip card 120 accessed to the certificate 126 read out. It is preferably the certificate 126 a so-called secondary certificate with the following properties:

• - it contains the personal-identifying reporting data as attributes,
• - it contains the public key of the main certificate that is also on the card,
• - it is signed by the trust center that it assumes liability under the law and contains the signature of the trust center.

The certificate 126 is on the part of the client computer 102 linked to a data object with the Transaction_Key. Alternatively, this link can also be made through the chip card 120 be done by yourself.

The data object consisting of the certificate 126 and the Transaction_Key is used by the client computer 102 to the chip card 120 transfer. Through the processor 124 the chip card 120 This data object is then encrypted with the secret key 132 of the holder of the card, which is also in the memory 122 is stored. The data object signed in this way is used by the chip card 120 to the client computer 102 transfer. A particular advantage here is that due to the signature of the data object by the chip card 120 itself, the secret key 132 not from the chip card 120 needs to be read out.

The identity request is then filled with the signed data object and received from the client computer 102 to the server computer 100 over the network 104 Posted. Likewise, the unencrypted certificate 126 and the unencrypted Transaction_Key over the network 104 in plain language to the server computer 100 transfer. This transfer can take place without additional security measures, whereby the security of the method is not affected.

This functionality, i.e. the generation of the data object and the sending of the signed data object and the certificate, is preferred 126 and the Transaction_Key by the client computer 102 through the script 108 realized. This ensures a high level of user-friendliness.

After receiving the signed data object and the certificate 126 and the Transaction_Key by the server computer 100 the identity request is checked on the server side. The identification program module solves this 110 the public key from the certificate 126 which was transmitted in plain text. The signed data object is decrypted with the help of the public key.

The identification program module then compares 110 the Transaction_Key transmitted in plain text with the Transaction_Key obtained by decrypting the signed data object. If both Transcation_Keys match, the identification data apply 128 in the certificate 126 as authentic, that is to say on the server side, it can be safely assumed that it is the user of the client computer 102 the authorized holder of the chip card 120 acts.

In addition, the identification program module 110 it is checked whether the matching Transaction_Keys are still valid or have already expired due to the expiry of time. This is done by accessing the time base 112 checks whether a maximum time has been exceeded. For example, the Transaction_Key can have a time stamp, the time information in the time stamp then with the current time of the time base 112 is compared.

After successful identification, one or more of the attributes describing the identity can be taken from the identification data 128 can be used to perform the desired process.

Protection against so-called replay attacks is of particular advantage in this embodiment of the method according to the invention. The transfer of the Transaction_Key from the server computer 100 to the client computer 102 preferably takes place via a secure channel so that it is not possible to spy on the Transaction_Key.

On the other hand, an unauthorized third party can prevent the transmission of the signed data object, the certificate and the Transaction_Keys via an unsecured connection from the client computer 102 to the server computer 100 Become aware. A “replay” of this transmission cannot be used for manipulation, however, since the Transaction_Key is only valid for a single transaction.

Even if a new Transaction_Key is available for another from the client computer user 102 The requested transaction could be spied out and linked to the signed data object by the third party, such a fraud attempt would fail because the new Transaction_Key does not match the Transaction_Key in the signed data object.

The 2 shows a corresponding flow chart. In the step 200 becomes a Uniform Resource Locator (URL) of the web page (see web page 106 ) entered into the user's browser program. Then in the step 202 the web page and the associated script are loaded by the client. On the server side, the identification program module becomes in step 204 started.

In the step 206 a request for identification occurs after a corresponding process has been selected on the web page on the client side. The client then requests a code for the selected transaction from the server, that is to say a so-called transaction key. This is also known as the transaction number (TAN) or the Transaction_Key.

The transaction key is then transmitted electronically or in some other way, such as by post, via a secure transmission path. This is done in step 210 . A secure, encrypted line channel, such as the SSL protocol, is used for electronic transmission. This prevents an unauthorized third party from spying out the transaction key during transmission between the server and the client.

In the step 212 the client user activates his chip card by entering his chip card PIN. The certificate stored in the chip card is then transferred from the chip card to the client (step 214 ) so that there in the step 216 a data object consisting of the certificate and the transaction key is formed.

In the step 218 this data object is transmitted from the client to the chip card and signed by the chip card using the secret key of the chip card holder.

The signed data object is then transferred from the chip card to the client (step 222 ). In step 224 the signed data object as well as the certificate and the transaction key are transmitted from the client to the server, whereby an unsecured transmission channel, such as the Internet, can be used. This client-side process is preferably implemented essentially by the script loaded with the web page or by a pre-installed plug-in of the browser program.

In the step 226 the public key is read from the certificate on the server side, with the help of this in the step 228 the signed data object is decrypted.

In the step 230 the server then checks whether the transaction key transmitted unencrypted matches the transaction key obtained from the data object by decryption. If this is not the case, there is no identification of the user, that is to say it is not assumed that the user of the client is the authorized holder of the chip card. The process in step 232 canceled.

If, on the other hand, the test in step 230 shows that the transaction keys match is done in the step 234 A signal is generated on the server side, which indicates that the identification data of the certificate are authentic, i.e. that the user of the client is the owner of the chip card 120 acts. Further processing steps can then be carried out in step 236 according to the chosen process.

The 3 illustrates this process with the help of an object relationship diagram, which the objects server computer 100 , Client computer 102 and chip card 120 includes.

First is from the server 100 to the client 102 A transaction key, i.e. a so-called TAN or a Transaction_Key, is transmitted, which is a code that is assigned to a desired transaction. A chip card PIN is then entered on the client side to access the chip card 120 activate freely.

From the chip card 120 the certificate becomes the client computer 102 transfer. There the certificate and the TAN are linked to a data object, which in turn is linked to the chip card 120 is transmitted and signed there with the secret key.

The signed data object is then taken from the smart card 120 to the client computer 102 transfer. From there, the signed data object is sent to the server computer together with the TAN and the certificate in plain text via an unsecured line connection 100 transfer. On the server side, it can then be checked whether or not the unencrypted transmitted TAN matches the TAN obtained through decryption of the signed data object.

List of reference symbols

100

Server computer

102

Client computer

104

network

106

Website

108

Script

110

Identification program module

112

Time base

114

Browser program

116

Chip card interface

118

Chip card reader

120

Chip card

122

Storage

124

processor

126

certificate

128

Identification data

130

public key

132

secret key

Claims (14)

Procedure for identifying a user with the following steps: a) Receipt of a code from a server by a client via a secure connection after the client has established a connection with the server, b) Encryption of a data object with a secret key, the code and a certificate being linked to the data object, identity data and a public key being stored in the certificate, c) Sending the encrypted data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client to the server, so that the encrypted code can be decrypted with the public key on the server side and the decrypted code can be decrypted with the unencrypted code for checking the Authenticity of the identity data can be compared. Procedure according to Claim 1 , whereby a Secure Socket Layer (SSL) protocol is used to implement the secure connection. Method according to one of the preceding Claims 1 and 2 , whereby a chip card is used for encryption in which the secret key and the certificate are stored. Method according to one of the preceding Claims 1 to 3 , whereby an identification code (PIN) is entered by a user to activate the encryption before the encryption. Procedure according to Claim 1 where the unsecured connection is an intranet, extranet, or the Internet. Computer program product, in particular digital storage medium, with program means for performing the following steps: a) Receipt of a code from a server by a client via a secure connection after the client has established a connection with the server, b) Encryption of a data object with a secret key, the code and a certificate being linked to the data object, identity data and a public key being stored in the certificate, c) Sending the encrypted data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client to the server, so that the encrypted code can be decrypted with the public key on the server side and the decrypted code can be decrypted with the unencrypted code for checking the Authenticity of the identity data can be compared. Client computer system to identify a user with: a) Means for receiving a code from a server computer system by the client computer system via a secure connection after the client computer system has established a connection with the server computer system, b) means for encrypting a data object with a secret key, the code and a certificate being linked to form the data object, identity data and a public key being stored in the certificate; c) Means for sending the encrypted data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client computer system to the server computer system, so that the encrypted code can be decrypted with the public key on the server side and the decrypted code with the unencrypted transmitted code can be compared to check the authenticity of the identity data. Method for identifying a user with the following steps: a) Sending a code from a server to a client via a secure connection after the client has established a connection with the server, b) Receipt of a data object encrypted with a secret key, the code and a certificate being linked to the data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client by the server, with identity data and a public key in the certificate are stored, c) decryption of the encrypted data object with the public key, d) checking of the authenticity of the identity data by comparing the decrypted code with the unencrypted transmitted code. Procedure according to Claim 8 , whereby a Secure Socket Layer (SSL) protocol is used to establish the secure connection. Procedure according to Claim 8 or 9 , whereby the reception takes place via an unsecured connection, in particular an intranet, extranet or the Internet. Computer program product, in particular digital storage medium, with program means for performing the following steps: a) Sending a code from a server to a client via a secure connection after the client has established a connection with the server, b) Receipt of a data object encrypted with a secret key, the code and a certificate being linked to the data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client by the server, with identity data and a public key in the certificate are stored c) decryption of the encrypted data object with the public key, d) Checking the authenticity of the identity data by comparing the decrypted code with the unencrypted transmitted code. Server computer system for identifying a user with: a) Means for sending a code from the server computer system to a client computer system via a secure connection after the client computer system has established a connection with the server computer system, b) Means for receiving a data object encrypted with a secret key, the code and a certificate being linked to the data object, the unencrypted certificate and the unencrypted code via an unsecured network connection from the client computer system through the server computer system, in which Certificate identity data and a public key are stored, c) means for decrypting the encrypted data object with the public key, d) Means for checking the authenticity of the identity data by comparing the decrypted code with the unencrypted transmitted code. Server computer system according to Claim 12 with a web page and with means for generating the code when the web page is requested by a client computer system or a selection is made on the web page. System with a client computer system according to Claim 7 and with a server computer system according to one of the preceding Claims 12 to 13 .

Images